Interesting malware

[Lil' Abner]

Ran across one yesterday; forgot to write it down, but it started with "P".
All kinds of Spanish popups and browser was hijacked.
But the interesting thing was that it had created a new passworded user
account called "Administrare". While the "owner" account still had
administrative priviledges, it still wouldn't allow task manager and other
administrative functions to run.
I managed to delete the phony account in Safe Mode. Then between SAS and
Spybot S&D I managed to get rid of it.
It (a laptop) was loaded with other stuff too, but it all cleaned up
nicely. Not sure where he got it but I noticed in his history he had been
to a multitude of penis enlargement sites.
Had a notion to ask him about that, but I don't know him that well :-).

--
--- A dyslexic man walks into a bra ---

[David H. Lipman]

From: "Lil' Abner" <blvstk@dogpatch.com>

| Ran across one yesterday; forgot to write it down, but it started with "P".
| All kinds of Spanish popups and browser was hijacked.
| But the interesting thing was that it had created a new passworded user
| account called "Administrare". While the "owner" account still had
| administrative priviledges, it still wouldn't allow task manager and other
| administrative functions to run.
| I managed to delete the phony account in Safe Mode. Then between SAS and
| Spybot S&D I managed to get rid of it.
| It (a laptop) was loaded with other stuff too, but it all cleaned up
| nicely. Not sure where he got it but I noticed in his history he had been
| to a multitude of penis enlargement sites.
| Had a notion to ask him about that, but I don't know him that well :-).
|

Too bad you didn't grab samples. :-(

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[Paul Zak]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:sjcrh.1689$AG6.159@trnddc06...
> From: "Lil' Abner" <blvstk@dogpatch.com>
>
> | Ran across one yesterday; forgot to write it down, but it started with
"P".
> | All kinds of Spanish popups and browser was hijacked.
> | But the interesting thing was that it had created a new passworded user
> | account called "Administrare". While the "owner" account still had
> | administrative priviledges, it still wouldn't allow task manager and
other
> | administrative functions to run.
> | I managed to delete the phony account in Safe Mode. Then between SAS and
> | Spybot S&D I managed to get rid of it.
> | It (a laptop) was loaded with other stuff too, but it all cleaned up
> | nicely. Not sure where he got it but I noticed in his history he had
been
> | to a multitude of penis enlargement sites.
> | Had a notion to ask him about that, but I don't know him that well :-).
> |
>
> Too bad you didn't grab samples.

Of the penis enlargement product?

[David H. Lipman]

From: "Paul Zak" <idontgotnone@nowhere.com>


|
| Of the penis enlargement product?
|

:-)


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[Lil' Abner]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:sjcrh.1689$AG6.159@trnddc06:

> From: "Lil' Abner" <blvstk@dogpatch.com>
>
>| Ran across one yesterday; forgot to write it down, but it started
>| with "P". All kinds of Spanish popups and browser was hijacked.
>| But the interesting thing was that it had created a new passworded
>| user account called "Administrare". While the "owner" account still
>| had administrative priviledges, it still wouldn't allow task manager
>| and other administrative functions to run.
>| I managed to delete the phony account in Safe Mode. Then between SAS
>| and Spybot S&D I managed to get rid of it.
>| It (a laptop) was loaded with other stuff too, but it all cleaned up
>| nicely. Not sure where he got it but I noticed in his history he had
>| been to a multitude of penis enlargement sites.
>| Had a notion to ask him about that, but I don't know him that well
>| :-).
>|
>
> Too bad you didn't grab samples. :-(

Yeah, I wish I had it back here now. I imagine that Spybot S&D has it in
its logfile.

--
--- A dyslexic man walks into a bra ---